
Despite the Cambridge Analytica scandal, the Edward Snowden leaks and revelations from Facebook whistleblower Frances Haugen, companies continue to hoover up our personal data, and for the most part we let them do so willingly.
But the mood on data gathering is starting to change. Governments around the world are increasingly legislating to rein in the tech giants. So could 2022 be the year that online privacy is taken seriously?
at UK law firm decoded.legal says numerous governments will push new internet legislation in 2022, but he warns that many of them treat privacy as something 鈥渃apable of being cast aside when inconvenient鈥 for national security and that internet companies won鈥檛 give up their business models easily.
Advertisement
鈥淲e will see continued government pushes against encryption and online anonymity, with more proposals to deploy scanning agents on people鈥檚 phones,鈥 he says. 鈥淪urveillance capitalism will continue to flourish unabated, and massive centralised platforms will be ever more firmly entrenched.鈥
The European Union is the world leader when it comes to tech regulation. Its General Data Protection Regulation (GDPR) came into force in 2018 with new rules on how personal data could be collected and used, and it has an upcoming Digital Services Act (DSA) that will demand transparency from online companies on how their algorithms work and how they target advertising towards citizens.
In the US, Democrats are pushing for an update to the 1998 Children鈥檚 Online Privacy Protection Act (COPPA) that would until they are 15 鈥 up from 12 currently. Law-makers there are also pushing for a new single federal law safeguarding citizens data to end the patchwork of state regulations, which reports suggest are often for technology firms, and another piece of proposed US legislation would with the teeth to levy fines of up to $43,792 per individual affected by data misuse.
at US law firm Aaron Sanders says there is a great deal of legislative activity in the US on privacy right now, but that most of it is happening on the state level 鈥 for example, the California Consumer Privacy Act came into effect on 1 January 2020 and gives residents the right to know what data is being collected on them and veto its sale. She is doubtful that attempts to create federal laws will succeed in the short term.
鈥淲hether or not [state] laws will have a great deal of effect in terms of creating meaningful privacy and data protection for consumers is an open question. They have certainly created compliance headaches for companies, but even California鈥檚 law, which was the first, has not produced enough case law or fines yet to judge whether it鈥檚 having its desired effect,鈥 she says.
China is also moving to curb tech firms. While the state has arguably developed online surveillance to a fine art, it doesn鈥檛 want online companies to do the same. Its new Personal Information Protection Law (PIPL) came into effect in August and听. Companies will have to obtain explicit consent before collecting information.
at the Electronic Frontier Foundation says that if she could write her own privacy legislation, it would replicate that requirement for consent from Chinese legislation. A company wouldn鈥檛 be able to harvest data 鈥渏ust because you turned up on their website鈥, she says.
Whether people will actually be clamouring for these new regulations is another matter. Aaron-Stelluto says there is often a fatalistic attitude to data privacy, thanks to a steady stream of stories about leaks and hacks. 鈥淚f you assume that all your information is already on the dark web it鈥檚 hard to be terribly concerned about further misuse,鈥 she says.